With much of the privacy regulatory and policy world on vacation, I took a few days outside of Washington to hear what people are thinking about where privacy law is going. I have just returned from "Geek Week" in Seattle, WA, where I particiated in a new program entitled "pii2010" which "explore[d] the future of digital privacy, identity and innovation, and how to strike a balance between protecting sensitive information and enabling new technologies and business models. Hosted by technology analyst Larry Magid, it [was] an all-hands-on-deck conference where industry executives, technologists, consumer advocates, policy experts and other stakeholders [came] together as a group to examine critical issues. "Lively" doesn’t beging to describe the event, with audience members intervening at will and peppering the panelists with questions and "colorful" comments, It was a little like a blog come to life. One major take-away: there are widely divergent views on the role of government and regulation in protecting online privacy.
Washington Internet Daily provided a report of the event and my participation, a small excerpt of which is here:
Rumors of the death of the notice-and-choice privacy framework have been greatly exaggerated.Despite regular declarations from FTC officials over the past several months that the framework needs to be replaced, privacy advocates speaking to the pii2010 conference Thursday gave every indication that won’t happen.
"For better or worse, we are stuck with a notice-and-choice paradigm" and must work within it, said Christopher Wolf, co-chairman of the Future of Privacy Forum. "I don’t see how you get rid of choice," said Fran Maier, president of TRUSTe. The likelihood of any privacy bill passing this year is "virtually nonexistent," and if Republicans retake at least one house of Congress in the midterm elections, it drops, Wolf said. The bills offered by Reps. Bobby Rush, D-Ill., and Rick Boucher, D-Va., chairmen of the House Commerce Consumer Protection and Communications subcommittees, are "incredibly complex," Wolf said. "I just see enormous wrangling" over their provisions from industry and activists. The bills have been helpful to "start conversation" with stakeholders, though, Maier said.
More likely is faster development of "common law" by the FTC, which has "really gotten into the weeds" on privacy-related issues, especially data security, said Wolf, who represents clients before the commission. The parties targeted in FTC investigations rarely put up much of a fight, as exemplified by Sears’ conceding that its tracking software installed on customers’ computers crossed the line, he said: There’s no reason to think the commission will go easier on privacy disputes.
The Future of Privacy Forum is "trying to proselytize" for better self-regulation by industry, as with the "Power-I" icon being tested in online ads, but not trying to halt privacy legislation that gives companies a safe harbor for following best practices, Wolf said. The forum is running a "privacy papers for policymakers" competition whose winners will be announced Sept. 15 at a George Washington University law school event with David Vladeck, director of the FTC Consumer Protection Bureau, he said.